/*
AlliedBridge Content Management System
Copyright (C) 2006 AlliedBridge

This program is free software; you can redistribute it and/or modify it under the
terms of the GNU General Public License as published by the Free Software Foundation;

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program; if not, write to the
Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
package org.volume4.authentication;

import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import java.io.PrintWriter;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;

/**
 *
 * @author  Design_DEMON
 * @version
 */
public class login extends HttpServlet {
    public String app_root, DRIVER, URL, USER, PASS;
    public String first_name,last_name,phone,email,username,userid,password,access_level,access_url,status;
    /** Initializes the servlet.
     */
    public void init() throws ServletException {
    ServletContext context = getServletContext();
    DRIVER = context.getInitParameter("driver");
    URL = context.getInitParameter("ab_dburl");
    USER = context.getInitParameter("ab_dbuser");
    PASS = context.getInitParameter("ab_dbpass");
    }
      
    
    /** Processes requests for both HTTP <code>GET</code> and <code>POST</code> methods.
     * @param request servlet request
     * @param response servlet response
     */
    protected void processRequest(HttpServletRequest request, HttpServletResponse response)
    throws ServletException, java.io.IOException {
        response.setContentType("text/html");
        PrintWriter out = response.getWriter();
        Connection con = null;
        
        try {          
          username = request.getParameter("username");
          userid = request.getParameter("userid");
          password = request.getParameter("password");
            
          Class.forName(DRIVER);
          con = DriverManager.getConnection(URL,USER,PASS);                           
          PreparedStatement stmt = con.prepareStatement(
          "SELECT * from ab_users WHERE username= '" + username + "' " +
          "AND userid = '" + userid + "' " +
          "AND password= '" + password + "'");
          
          ResultSet rs = stmt.executeQuery();
          
          boolean foundUser = false;
          
          while(rs.next()) {
              foundUser = true;           
              
              // Get user information from ResultSet object
              userid = rs.getString("userid");
              username = rs.getString("username");
              status = rs.getString("status");
              access_level = rs.getString("access_level");
              access_url = rs.getString("access_url");
              first_name = rs.getString("first_name");
              last_name = rs.getString("last_name");
              phone = rs.getString("phone");
              email = rs.getString("email");
              
              if (!status.equalsIgnoreCase("granted")) {
            	  response.sendRedirect("login_failed.jsp?reason=Account Suspended. Please contact accounts-manager@alliedbridge.com");
              } else {
              // Place values obtained from ResultSet into
              // the current session.
              HttpSession session = request.getSession(true);
              session.setMaxInactiveInterval(1800);
              session.setAttribute("username", username);
              session.setAttribute("userid", userid);
              session.setAttribute("password", password);
              session.setAttribute("access_url", access_url);
              session.setAttribute("first_name", first_name);
              session.setAttribute("last_name", last_name);
              session.setAttribute("phone", phone);                
              session.setAttribute("email", email);
              
              app_root = request.getContextPath();
              response.sendRedirect(app_root + "/application" + access_url);
              }                
            }
          if (foundUser == false)
              response.sendRedirect("login_failed.jsp?reason=Username or password incorrect.");
          
        } catch(Exception e) {
        }
    }
    
    /** Handles the HTTP <code>GET</code> method.
     * @param request servlet request
     * @param response servlet response
     */
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
    throws ServletException, java.io.IOException {
        processRequest(request, response);
    }
    
    /** Handles the HTTP <code>POST</code> method.
     * @param request servlet request
     * @param response servlet response
     */
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
    throws ServletException, java.io.IOException {
        processRequest(request, response);
    }
}
